The Ingress controller is a specialized load 
balancer that manages Layer 4 and 7 ingress 
and egress (“north-south”) traffic. 


It can also be used for: 


e Traffic control 

e Traffic shaping 

e Monitoring and visibility 

e As an API gateway 

e Authentication and SSO 
Monitoring and Visibility e WAF integration 
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Security 
The Ingress controller can 
give you insight into issues 
impacting app and 
infrastructure performance 
and help you predict when 
traffic surges will strike. 


The Ingress controller can 
protect your environment from 
unauthorized or malicious traffic 
via centralized authentication, 
single-sign on (SSO), and as the 
ideal point for a web application 
firewall (WAF). 
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Ingress traffic is traffic entering a 
Kubernetes cluster. 


The Ingress controller accepts 
ingress traffic, potentially modifies 
(shapes) it, and distributes it to Egress traffic is traffic exiting a 
pods running inside the Kubernetes cluster. 
environment. 
The Ingress controller implements 
egress rules to enhance security 
with mutual TLS (mTLS) or limits 
outgoing traffic from certain pods 
Service Service to specific external services. 
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The Ingress controller monitors 
the individual pods of a service, 
guaranteeing intelligent routing 
and preventing requests from 
being “black-holed.” 
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A service mesh routes and 
secures east-west traffic. 


It is used to implement: 


Service 
e End-to-end encryption and mTLS 


E e Orchestration 
e Managing service traffic 
e Monitoring and visibility 
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East-west (Service-to-service) traffic is 
traffic moving among services within a 
Kubernetes cluster. 


An Ingress controller cannot manage 
east-west traffic. 


When your app and infrastructure reach a 
level of maturity where this traffic needs to 
be managed, you need a service mesh. 
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